Stefan Behte wrote:
> AFAIK other products like apache solve this problem
> by running a main process as root and dropping privileges/capabilities in
> subprocesses/threads that handle the connections. If you want to kill -HUP
> apache, you send it to the main process, not a process running with lower
> privileges.
>
> To be honest, I do not like the way stunnel currently handles this, when I
> send a -HUP, I expect it to reload my config, without exceptions. Well, it
> is a design decision, a workaround exists and it's documented, but still...
It's a good idea, but quite tough to implement. It would require passing
socket descriptors, configuration file, certificates, private keys, CRLs,
and possibly other stuff between processes with different permissions.
I have updated my TODO list:
http://www.stunnel.org/?page=sdf_todo
Alternatively I could just drop support for setuid and chroot, as my
budget is much smaller than the budget of Apache Foundation:
http://www.apache.org/foundation/records/minutes/2010/board_minutes_2010_04_21.txt
Mike
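
The reply above mentions passing socket descriptors between processes with different permissions; on POSIX systems the standard mechanism is SCM_RIGHTS ancillary data over a Unix-domain socket. The sketch below is an added example, not part of the original message and not stunnel code; the names `prep`, `send_fd`, `recv_fd` and `demo`, and the pipe used as the passed resource, are assumptions made for illustration.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } fd_cmsg;
/* One data byte plus ancillary room for exactly one descriptor. */
static void prep(struct msghdr *m, struct iovec *iov, char *byte, fd_cmsg *u) {
    memset(m, 0, sizeof *m); memset(u, 0, sizeof *u);
    iov->iov_base = byte; iov->iov_len = 1;
    m->msg_iov = iov; m->msg_iovlen = 1;
    m->msg_control = u->buf; m->msg_controllen = sizeof u->buf;
}
/* Attach fd to a one-byte message on the Unix-domain socket chan (SCM_RIGHTS). */
static int send_fd(int chan, int fd) {
    char byte = 'F'; struct iovec iov; fd_cmsg u; struct msghdr msg;
    prep(&msg, &iov, &byte, &u);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}
/* Return the descriptor attached to the next message, or -1 if none or truncated. */
static int recv_fd(int chan) {
    char byte; int fd; struct iovec iov; fd_cmsg u; struct msghdr msg;
    prep(&msg, &iov, &byte, &u);
    if (recvmsg(chan, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof fd)) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}
/* Constructed demo: the parent stands in for the root master process. */
static int demo(void) {
    int chan[2], p[2], status = -1;
    char got[4];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, chan) || pipe(p)) return -1;
    pid_t pid = fork();
    if (pid == 0) {   /* worker: a real one would setgid()/setuid() here */
        close(p[0]); close(p[1]);        /* give up the inherited copies */
        int fd = recv_fd(chan[1]);       /* regain access only via the channel */
        _exit(fd >= 0 && read(fd, got, 4) == 4 && !memcmp(got, "ping", 4) ? 0 : 1);
    }
    if (pid < 0 || write(p[1], "ping", 4) != 4 || send_fd(chan[0], p[0])) return -1;
    waitpid(pid, &status, 0);
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 ? 0 : -1;
}
int main(void) { return demo() == 0 ? 0 : 1; }
```

The receiver rejects messages whose control data is truncated or is not a single SCM_RIGHTS descriptor, which is the check a lower-privileged worker needs before trusting what arrives on the channel.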